
Was Vercel hacked? The truth behind the leak that shook the entire dev ecosystem


Overview of the incident

In April 2026, Vercel—a platform behind millions of modern web applications—unexpectedly confirmed unauthorized access to its internal system. At first glance, it seemed like a typical data breach. However, the deeper you look, the more the reality differs. There were no notorious zero-day vulnerabilities, nor were any servers "hacked" in the traditional sense. Instead, the attacker took a more sophisticated route: exploiting trust between systems. Specifically, a third-party AI application integrated with Google Workspace through OAuth was compromised. From there, the attacker didn’t need to break into Vercel’s system but simply “walked through the front door” with valid access rights. As a result of this incident, some internal data was accessed, user emails and metadata were exposed, and activity logs were collected. ShinyHunters—a familiar name in large-scale data leaks—claimed responsibility for this incident.

ShinyHunters dossier

Summary

ShinyHunters is a notorious cybercrime group focused on financial motives, first emerging around 2020. The group became famous for large-scale data theft operations and using a "Pay-or-Leak" extortion model, rather than deploying traditional encryption ransomware. From 2024 to 2026, the group made a clear shift in techniques: from exploiting basic infrastructure vulnerabilities to conducting supply chain attack campaigns and manipulating cloud infrastructures (Cloud/SaaS) through Vishing and OAuth abuse.

Identification information

  • Common name: ShinyHunters (inspired by the rare "Shiny" Pokémon in the Pokémon series, referring to their interest in hunting rare data).

  • Attribution level: Confirmed as a sophisticated underground network. The core members of this group are identified as key administrators of dark web forums like BreachForums.

  • Active since: Began active operations in early 2020.

  • Last observed activity: April 2026 (direct or indirect involvement, or lending their name, in major SaaS supply chain attacks).

Targets & Motives

Targeted Sectors: Highly diverse and opportunistic. Frequently targeted industries include Finance - Banking, Telecommunications, Technology, Retail (global luxury brands), Aviation, and E-commerce. A common trait among victims is possessing extremely large customer data sets.

Targeted Regions: Global.

Motivation: 100% Financial. The group's profits come from two main sources:

  • Extorting victim organizations (Data Extortion).

  • Selling databases on black markets (such as BreachForums).

The group's techniques

ShinyHunters have shed the image of system "break-in" hackers exploiting software vulnerabilities. Instead, they have developed a calculated attack chain, exploiting human weaknesses and gaps in cloud identity management. Below is the typical attack flow of the group during the 2024-2026 period:

Phase 1: Access and Manipulation (Initial Access)

Instead of trying to crack passwords, the group manipulates victims into opening the door themselves.

  • Impersonating IT Department (Vishing): The attacker calls or messages the target employee (often junior or new staff), pretending to be a company IT support representative.

  • Authentication Bombing (MFA Fatigue): They continuously send two-step authentication (MFA) push requests to the victim's phone. Exhausted by the constant notifications, or deceived by the fake IT call, the victim eventually presses "Approve" on the attacker's login session.
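The MFA-fatigue pattern above is easy to spot in authentication logs if you look for it. The detector below is an added example (not from the original post): it counts MFA push prompts per user inside a sliding window and notes whether a prompt was approved during the burst. The log lines are constructed and their key=value format is assumed, not any vendor's.

```python
# Added example: detect MFA push bombing from constructed auth log lines.
# Format (assumed): "<ISO-8601 time> user=<id> event=<name> result=<r> src=<ip>"
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2026-04-01T09:00:01Z user=alice event=mfa_push result=denied src=203.0.113.7
2026-04-01T09:00:09Z user=alice event=mfa_push result=denied src=203.0.113.7
2026-04-01T09:00:20Z user=alice event=mfa_push result=timeout src=203.0.113.7
2026-04-01T09:00:31Z user=alice event=mfa_push result=denied src=203.0.113.7
2026-04-01T09:00:45Z user=alice event=mfa_push result=approved src=203.0.113.7
2026-04-01T09:05:00Z user=bob event=mfa_push result=approved src=198.51.100.4
2026-04-01T10:30:00Z user=bob event=mfa_push result=denied src=198.51.100.4
"""


def parse(line):
    """Split one constructed log line into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_push_bombing(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {user: (max_prompts_in_window, approved_inside_burst)} for every
    user who received at least `threshold` MFA push prompts within `window`."""
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec.get("event") == "mfa_push":
            by_user[rec["user"]].append(rec)

    hits = {}
    for user, recs in by_user.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end, rec in enumerate(recs):
            # slide the window start forward until it fits inside `window`
            while rec["ts"] - recs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count < threshold:
                continue
            burst = recs[start:end + 1]
            # an approval inside the burst is the worst case: the victim gave in
            approved = any(r["result"] == "approved" for r in burst)
            prev_count, prev_approved = hits.get(user, (0, False))
            hits[user] = (max(prev_count, count), prev_approved or approved)
    return hits
```

Feed it your IdP's push events and alert first on the users where the second tuple element is True, since those sessions need to be revoked, not just watched.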

Phase 2: Persistence and Privilege Escalation

Once they've gained access, they immediately set up barriers to prevent being kicked out, even if the victim discovers the breach and changes the original password.

  • OAuth Token Hijacking: Victims are often tricked into accessing a fake authorization interface. Here, they naively press "Allow" to grant high-value privileges (OAuth tokens) to a malicious application created by the hacker.

  • Parasite on Legitimate "Hosts": They may exploit third-party platforms integrated into the company system (such as Context.ai in the Vercel incident) to grant themselves permanent API keys that a password reset does not revoke.

Phase 3: Expanding Territory (Lateral Movement)

Using the hijacked employee's legitimate identity, the hackers scour every corner of the company.

  • They infiltrate internal chat platforms (Slack, Teams) and storage systems (SharePoint, Jira, GitHub) to search for higher-privileged accounts or secrets (API keys, tokens) accidentally left by engineers in comments or source code. Using tools like TruffleHog, they swiftly extract these critical assets.

Phase 4: System Core Extraction (Data Exfiltration)

The ultimate goal is to quietly extract all server data.

  • They use batch data processing tools, often disguised as legitimate backup software (such as the Data Loader tool in the Salesforce environment).

  • The most frightening aspect is the direct misuse of legitimate APIs. Massive data repositories are siphoned off through the main channels without triggering any system firewall or IDS alerts.

Tools & Malware

ShinyHunters do not rely on overly complex custom malware; instead, they exploit available scanning tools and the "Living off the Land" technique:

  • TruffleHog: An automated source code scanning tool to find keys and hardcoded secrets accidentally leaked in git repositories.

  • AuraInspector: Automates the scanning of misconfigurations or access errors in the Salesforce environment.

  • They use anonymous intermediary infrastructure and commercial proxies or consumer VPNs to bypass geo-blocking IP filters.

Technical analysis

As previously mentioned, the event didn't start with hackers finding a zero-day vulnerability on Vercel's system server. Instead, they followed a highly clever supply chain attack targeting "blind spots" from third-party integrations and identity management systems. This process is detailed through four core steps:

Step 1: Exploiting the "weak link" (Initial Access via Context.ai): Rather than directly attacking Vercel's firewall, the hackers targeted a softer objective: Context.ai, an internal AI utility being integrated by Vercel employees. By compromising this satellite application, they established their initial foothold.

Step 2: Token Migration and Identity Exploitation (Privilege Escalation): Through what the author calls the "Trust Transference" mechanism, Google Workspace honours the OAuth scopes that employees had granted to the Context.ai application. The hackers exploited this to act under those grants, thereby gaining full control of the victim's legitimate Google Workspace account.

Step 3: Infiltrating the Internal "Treasure Trove" (Lateral Movement into Linear): Disguised as employee accounts, the hacker group freely moved laterally and infiltrated the Linear project management platform. On this platform, they found security plans, lists of unpatched bugs, and even numerous passwords and secrets inadvertently left by engineers in work comments.

Step 4: Bypassing Encryption & Resource Drain (Exfiltration): The final step targeted the storage of Environment Variables. Although Vercel provides encryption at rest, since the querying account appeared legitimate, the system compliantly decrypted and returned clear text for all variables not marked "Sensitive." As a result, numerous business secrets like GitHub tokens and NPM release keys were extracted and sold on the Dark Web (BreachForums) for $2 million.
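Both the group's OAuth Token Hijacking technique (Phase 2) and Step 2 of this incident come down to the same control gap: a third-party app holding broad Workspace scopes that nobody reviewed. The triage script below is an added example (not from the original post or from Vercel): it walks a set of OAuth "authorize" audit events and rates each grant to a non-allow-listed app by the scopes it received. The event records and their field names are constructed; the scope strings are real Google scope names.

```python
# Added example: rate third-party OAuth grants from a Workspace-style token log.
# Event shape is assumed (constructed), not the exact Google Admin API format.
import json

# Scopes that hand an app the mailbox, all Drive files, or user admin
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory.user",
}
# Hypothetical allow-list of apps the security team has reviewed
APPROVED_APPS = {"approved-calendar-sync"}

SAMPLE_EVENTS = json.dumps([
    {"time": "2026-04-02T08:11:00Z", "actor": "eve@example.test",
     "event": "authorize", "app_name": "unknown-ai-assistant",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/drive",
                "https://www.googleapis.com/auth/userinfo.email"]},
    {"time": "2026-04-02T08:12:00Z", "actor": "dan@example.test",
     "event": "authorize", "app_name": "approved-calendar-sync",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
    {"time": "2026-04-02T08:13:00Z", "actor": "amy@example.test",
     "event": "authorize", "app_name": "quick-notes",
     "scopes": ["https://www.googleapis.com/auth/userinfo.email"]},
])


def triage_grants(events_json):
    """Return one finding per 'authorize' event for an app outside the allow-list.
    Severity is 'high' when any granted scope is in HIGH_RISK_SCOPES, else 'low'."""
    findings = []
    for ev in json.loads(events_json):
        if ev.get("event") != "authorize" or ev["app_name"] in APPROVED_APPS:
            continue
        risky = sorted(set(ev["scopes"]) & HIGH_RISK_SCOPES)
        findings.append({
            "actor": ev["actor"],
            "app": ev["app_name"],
            "severity": "high" if risky else "low",
            "risky_scopes": risky,
        })
    return findings
```

A "high" finding is the grant to revoke first, and in Workspace the same review belongs in the admin console's app access controls so that unreviewed apps cannot request these scopes at all.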

Assessing Impact Level

Risk of Package Poisoning (NPM Tokens): The batch of NPM publish tokens allows the insertion of malicious scripts into open-source libraries used by thousands of organizations. The key to library poisoning incidents lies not in the stolen source code but in the automated build process that pulls the malware into the victim's host.

Authorization Crisis (GitHub Tokens): With an OAuth token (even with read-only scopes), hackers can easily capture a complete snapshot of the source code architecture. If the token has write permissions, they can modify the source code directly.

Nutcracker Effect with Web3/Crypto: Instead of attempting to hack into the smart contract platform, perpetrators can remain undetected by compromising the Vercel frontend platform. There, they exploit exposed API endpoints or RPC keys to directly modify the wallet layer UI, draining investors' assets before the backend can detect any suspicious activity.

Recommendation

We recommend that all teams operating applications on Vercel carry out the following tasks, in order:

Immediate Action (0-24h):

  • Rotate GitHub credentials: Access GitHub → Settings → Applications → Authorized OAuth Apps and revoke Vercel's permissions. Then, re-authorize from the Vercel dashboard.

  • Clean Environment Variables: Assume all credentials stored as environment variables are exposed. Immediately regenerate keys for Upstash, PostgreSQL, Redis, MongoDB, etc., and update the corresponding values in Vercel.

  • Reset NPM Tokens: Review your organization's access logs on the npmjs dashboard, delete outdated tokens, and create tokens with the least privileges.

  • Check build logs for any secrets accidentally printed to stdout.

  • (Note on Reddit API): Due to the platform's restrictive application policy, do not suddenly delete the old API App to create a new one. Block the Reddit login feature in the UI and create an upgrade ticket with Reddit's help center.
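Two of the items above (Phase 3's secrets left in comments and source, and the checklist's "check build logs for any secrets accidentally printed to stdout") call for the same check. The scanner below is an added example (not from the original post, and not TruffleHog): it looks for the token shapes this incident is about, GitHub tokens and npm tokens, reports each hit by line number, and returns a redacted copy of the lines. The sample lines and token values are constructed (well-formed, but fake).

```python
# Added example: find GitHub / npm token shapes in build logs or source lines.
import re

TOKEN_PATTERNS = {
    # GitHub tokens: 'gh' + one of p/o/u/s/r + '_' + 36 alphanumerics
    "github": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    # npm tokens: 'npm_' + 36 alphanumerics
    "npm": re.compile(r"\bnpm_[A-Za-z0-9]{36}\b"),
}

# Constructed build-log and source lines; the tokens are fake but well-formed
SAMPLE_LINES = [
    "14:02:01 Installing dependencies...",
    "14:02:03 DEBUG env: NPM_TOKEN=npm_0123456789abcdefghijklmnopqrstuvwxyz",
    "// TODO remove before merge: ghp_0123456789abcdefghijklmnopqrstuvwxyz",
    "14:02:10 Build completed in 9s",
    "14:02:11 token=ghp_tooshort",
]


def redact(value):
    """Keep the prefix and last four characters so the owner can tell which
    token leaked without the report itself becoming a second leak."""
    return value[:4] + "***" + value[-4:]


def scan_lines(lines):
    """Return (findings, redacted_lines); each finding is (line_no, kind, redacted)."""
    findings, cleaned = [], []
    for no, line in enumerate(lines, 1):
        for kind, pat in TOKEN_PATTERNS.items():
            for m in pat.finditer(line):
                findings.append((no, kind, redact(m.group(0))))
            line = pat.sub(lambda m: redact(m.group(0)), line)
        cleaned.append(line)
    return findings, cleaned


if __name__ == "__main__":
    hits, _ = scan_lines(SAMPLE_LINES)
    for no, kind, shown in hits:
        print(f"line {no}: {kind} token {shown}")
```

Any hit in a build log means the token must be rotated, not just the log cleaned, because the log has already been stored and served by the build platform.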

Short-term Action (1-7 days):

  • Move secrets into Vercel's "Sensitive Environment Variables" group so their values are never displayed in plaintext.

  • Raise the "Deployment Protection" level on Vercel to at least "Standard."

  • Enable GitHub Secret Scanning for all repositories.

